OPERA1ER APT Hackers Targeted Dozens of Financial Organizations in Africa

November 3, 2022

A French-speaking threat actor dubbed OPERA1ER has been linked to a series of more than 30 successful cyber attacks aimed at banks, financial services companies, and telecom providers across Africa, Asia, and Latin America between 2018 and 2022.

According to Singapore-headquartered cybersecurity company Group-IB, the attacks have led to confirmed thefts totaling $11 million, with actual damages estimated to be as high as $30 million.

Some of the more recent attacks, in 2021 and 2022, singled out five different banks in Burkina Faso, Benin, Ivory Coast, and Senegal. Many of the identified victims are said to have been compromised twice, and their infrastructure was subsequently weaponized to strike other organizations.

OPERA1ER, also known by the names DESKTOP-Group, Common Raven, and NXSMS, has been active since 2016, operating with the goal of conducting financially motivated heists and exfiltrating documents for further use in spear-phishing attacks.

“OPERA1ER often operates during weekends and public holidays,” Group-IB said in a report shared with The Hacker News, adding that the adversary's “entire arsenal is based on open-source programs and malware, or free published RATs that can be found on the dark web.”

This includes off-the-shelf malware such as Nanocore, Netwire, Agent Tesla, Venom RAT, BitRAT, Metasploit, and Cobalt Strike Beacon, among others.

The attack chain begins with “high-quality spear-phishing emails” carrying invoice- and delivery-themed lures written primarily in French and, to a lesser extent, in English.

These messages carry ZIP archive attachments or links to Google Drive, Discord servers, compromised legitimate websites, and other actor-controlled domains, all of which lead to the deployment of remote access trojans.

Once the RAT is running, post-exploitation frameworks such as Metasploit Meterpreter and Cobalt Strike Beacon are downloaded and launched to establish persistent access, harvest credentials, and exfiltrate documents of interest, but not before a prolonged reconnaissance period spent learning how the back-end operations work.
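
The lure-to-RAT sequence above is what a mail-gateway triage rule should catch before any post-exploitation tooling lands. The following is an added example, not code from Group-IB, Orange or The Hacker News: it parses a constructed French-language invoice lure with the Python standard library, flags ZIP attachments whose members carry executable extensions (including nested archives and "invoice.pdf.exe" double extensions), and flags links to the file-hosting and chat-CDN hosts the article names. The hostnames in STAGING_HOSTS, the extension list and the sample message are assumptions made for this illustration; a production filter would maintain tuned lists.

```python
"""Triage an inbound e-mail for OPERA1ER-style lure traits.

Added example, not the report's code. Checks two things the article describes:
ZIP attachments hiding executables, and links to hosting/CDN services used to
stage the RAT. Sample message is constructed inline so this runs offline.
"""
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumption: extensions that have no business inside an "invoice" archive.
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".vbs", ".lnk", ".bat", ".cmd",
                   ".ps1", ".jar", ".msi", ".hta"}
# Assumption: only the hosts the article names; a real filter keeps a longer list.
STAGING_HOSTS = {"drive.google.com", "cdn.discordapp.com", "discord.com"}
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)[^\s\"'<>]*")


def archive_findings(data: bytes) -> list:
    """Return ZIP member names with an executable extension, plus nested archives.
    Nested ZIPs are reported because double-zipping is a common AV evasion."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                name = info.filename.lower()
                # Look at the LAST suffix so "Facture.pdf.exe" is caught.
                suffix = name[name.rfind("."):] if "." in name else ""
                if suffix in EXECUTABLE_EXTS:
                    findings.append(info.filename)
                elif suffix == ".zip":
                    findings.append(info.filename + " (nested archive)")
    except zipfile.BadZipFile:
        findings.append("<not a valid zip>")
    return findings


def triage(raw: bytes) -> dict:
    """Walk every MIME part; inspect attachments as archives and bodies for links."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    verdict = {"zip_executables": [], "staging_links": []}
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            fname = (part.get_filename() or "").lower()
            payload = part.get_payload(decode=True) or b""
            # Trust magic bytes over the file name: PK\x03\x04 is a ZIP local header.
            if fname.endswith(".zip") or payload[:4] == b"PK\x03\x04":
                verdict["zip_executables"].extend(archive_findings(payload))
        elif part.get_content_type() in ("text/plain", "text/html"):
            for m in URL_RE.finditer(part.get_content()):
                if m.group(1).lower() in STAGING_HOSTS:
                    verdict["staging_links"].append(m.group(0))
    verdict["suspicious"] = bool(verdict["zip_executables"] or verdict["staging_links"])
    return verdict


def build_sample() -> bytes:
    """Constructed lure: French invoice theme, ZIP hiding an .exe, plus a Discord CDN link."""
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("Facture_2022-10.pdf.exe", b"MZ" + b"\0" * 16)  # fake PE stub
    msg = EmailMessage()
    msg["From"] = "compta@example.invalid"
    msg["To"] = "tresorerie@example.invalid"
    msg["Subject"] = "Facture impayée - relance"
    msg.set_content("Bonjour, veuillez trouver la facture ci-jointe ou ici : "
                    "https://cdn.discordapp.com/attachments/1/2/facture.zip")
    msg.add_attachment(zbuf.getvalue(), maintype="application", subtype="zip",
                       filename="Facture.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample()))
```

The archive check keys on magic bytes rather than the advertised filename, and on the last suffix of each member, because both the container name and a double extension are exactly what a lure author controls; a link check on hostnames alone will miss actor-controlled domains, which is why the article's "other actor-controlled domains" still need reputation or sandbox detonation downstream.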

This is borne out by the fact that the threat actor has been observed spending anywhere between three and twelve months from initial intrusion to making the fraudulent transactions used to withdraw money from ATMs.

The final stage of the attack involves breaking into the victim's digital banking backend, allowing the adversary to move funds from high-value accounts to hundreds of rogue accounts and ultimately cash them out through ATMs with the help of a network of money mules recruited in advance.

“Here clearly the attack and theft of money were possible because the bad actors managed to accumulate various levels of access rights to the system by stealing the login credentials of various operator users,” Group-IB explained.

In one instance, over 400 mule subscriber accounts were used to illicitly siphon off the funds, indicating that the “attack was highly sophisticated, organized, coordinated, and planned over a long period of time.”
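
The cash-out pattern described above, stolen operator credentials used outside business hours and a high-value account drained into hundreds of mule accounts, is the kind of behaviour a bank's own transaction monitoring can surface well before ATM withdrawals begin. This added example, not from Group-IB's report, runs two checks over a constructed transfer log in Python: operator activity on weekends or public holidays, and a sliding two-hour window counting distinct beneficiaries per source account. The holiday calendar, the thresholds, the log format and every log line are assumptions made for this illustration.

```python
"""Transaction-monitoring checks for the OPERA1ER cash-out pattern.

Added example over a constructed log. Two detections: back-office operators
acting on weekends/public holidays, and one source account fanning out to an
unusual number of distinct beneficiaries within a short window.
"""
from collections import defaultdict
from datetime import date, datetime, timedelta

# Assumption: the bank's public-holiday calendar (constructed for this example).
HOLIDAYS = {date(2022, 8, 15)}
# Assumption: tuning values a fraud team would calibrate against its own baseline.
FANOUT_WINDOW = timedelta(hours=2)
FANOUT_THRESHOLD = 20  # distinct beneficiaries from one source inside the window


def off_hours(ts: datetime) -> bool:
    """Weekend (Saturday=5, Sunday=6) or public holiday, the windows the group favours."""
    return ts.weekday() >= 5 or ts.date() in HOLIDAYS


def parse(lines):
    """Yield (timestamp, operator, source, destination, amount) from CSV lines."""
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, op, src, dst, amt = line.split(",")
        yield datetime.fromisoformat(ts), op, src, dst, float(amt)


def analyse(lines) -> dict:
    """Return operators active off-hours and source accounts showing beneficiary fan-out."""
    events = sorted(parse(lines))  # time order is required for the sliding window
    alerts = {"off_hours_operators": set(), "fanout": {}}
    by_src = defaultdict(list)
    for ts, op, src, dst, amt in events:
        if off_hours(ts):
            alerts["off_hours_operators"].add(op)
        by_src[src].append((ts, dst, amt))

    for src, xfers in by_src.items():
        start = 0
        for end in range(len(xfers)):
            # Slide the window start forward until it is within FANOUT_WINDOW of the newest transfer.
            while xfers[end][0] - xfers[start][0] > FANOUT_WINDOW:
                start += 1
            window = xfers[start:end + 1]
            beneficiaries = {dst for _, dst, _ in window}
            if len(beneficiaries) >= FANOUT_THRESHOLD:
                prev = alerts["fanout"].get(src, {"beneficiaries": 0, "amount": 0.0})
                if len(beneficiaries) > prev["beneficiaries"]:
                    alerts["fanout"][src] = {
                        "beneficiaries": len(beneficiaries),
                        "amount": sum(a for _, _, a in window),
                    }
    return alerts


def build_sample_log() -> list:
    """Constructed log: routine weekday transfers, then a Saturday-night drain to 25 mules."""
    lines = ["# timestamp,operator,src_account,dst_account,amount  (constructed data)"]
    for i in range(5):  # Wednesday 2022-08-10, ordinary payments by op_alice
        ts = datetime(2022, 8, 10, 9 + i, 15)
        lines.append(f"{ts.isoformat()},op_alice,ACC-10{i},ACC-20{i % 2},1500.00")
    for i in range(25):  # Saturday 2022-08-13 from 02:00, one transfer every 3 minutes
        ts = datetime(2022, 8, 13, 2, 0) + timedelta(minutes=3 * i)
        lines.append(f"{ts.isoformat()},op_bob,HV-0001,MULE-{i:03d},9800.00")
    return lines


if __name__ == "__main__":
    print(analyse(build_sample_log()))
```

On the constructed log the fan-out check fires on HV-0001 (25 beneficiaries, 245,000 moved in under 90 minutes) and the off-hours check names op_bob, which is the operator account whose credentials would need to be treated as compromised. Both checks work on the bank's own ledger and session logs, so they do not depend on catching the commodity RATs or Cobalt Strike traffic that precede the theft by months.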

The findings, produced in collaboration with telecom giant Orange, show that OPERA1ER pulled off the banking fraud operation by relying solely on publicly available malware, which highlights the effort that went into studying the internal networks of the targeted organizations.

“There are no zero-day threats in OPERA1ER's arsenal, and the attacks often use exploits for vulnerabilities discovered several years ago,” the company said. “By slowly and carefully inching their way through the targeted system, they were able to successfully carry out at least 30 attacks all around the world in less than 3 years.”

Some sections of this article are sourced from:
thehackernews.com